Recent content by MeDiCS

There has been a lot of weird accidents involving US ships and helis in east asia lately.

You're right that the impact is way less on anything but Intel CPUs, but the point is AMD is not immune. IMO, it's not even near good enough to call it that for most people. Spectre var 1 is specially problematic because it requires patches or recompiles (example...

AMD is not immune, and neither are even other architectures such as ARM or even PowerPC. Intel just screwed up really bad and is even more vulnerable than its competitors. Personally, I've always preferred Intel but my next CPU will probably be an AMD.

Yes and no. There are many ways to carry out the attack, and there are many actual legitimate uses of the functionality used in any one Spectre implementation. Think of a malware that excludes all images you save in your My Documents folder. No part of that malware's code is inherently...

Ah, I see. No AV is able to find that out though, so it shouldn't be triggering anything even if speculative execution tries to read from invalid memory.

Where? I don't see a buffer overflow in the paper's sample. Not entirely, just mostly useless. It should ID previously known and unobfuscated malware, Spectre or not. Machine code for extracting stuff from the cache may be pretty idiosyncratic, so there might exist some detection opportunities...

Wow, it's been six years :owned: Sorry, it's very unlikely I'll update it. The addon itself is rather simple (the first version took me a few hours AFAIR), so I don't think it's impossible for someone else to come and release a Google Earth Tracker 3 compatible with the latest Orbiter.

Yes, it's hard to exploit Spectre but the problem is that now everyone knows there's an unfixable side-channel for anyone to use it. The throughput is pretty low, so what I think we'll start seeing is Spectre being incorporated into the malware toolbox to extract specific pieces of useful data...

Yes, a malicious program or script must be running in your computer. I don't know if JIT is completely required for Spectre JS attacks, but what it does require is a fairly accurate timer. Mozilla is nerfing exactly that to mitigate Spectre and I'm sure all other vendors will apply something...

Almost all computers fail to hide all the naughty things it does behind your back, so bad guys can force the computer to say things it must never say ever. ---------- Post added at 02:45 PM ---------- Previous post was at 02:35 PM ---------- Yes, which is absolutely bonkers. In the Spectre...

No idea. It may take years for the first affordable and performant CPUs to come with these bugs fixed because it sounds like it's a pretty fundamental flaw in their designs, regardless of manufacturer.

Link with papers for both attacks. What Face described is the Meltdown attack, which only works on Intel processors and can be patched against with performance drops on some workloads (most people shouldn't be too much affected by this according to the few benchmarks I've seen, but ofc the news...

Don't know about anyone else, but I went from "interesting news" to obnoxius fangirling after the announcement that they would launch a Tesla car to Mars with that test launch. I hope it goes according to plan. :hail::probe:

Programming will also ruin your life. But what if I don't drink.

You could try this by reading TVTropes' article on Planetes.